If the header from the client is invalid, just ignore it and build a pipeline with no sessions.

lib/websocket/extensions.rb

@@ -98,19 +98,23 @@ module WebSocket
     end
 
     def generate_response(header)
-      offers   = Parser.parse_header(header)
       sessions = []
       response = []
 
-      @in_order.each do |ext|
-        offer = offers.by_name(ext.name)
-        next if offer.empty? or reserved?(ext)
+      begin
+        offers = Parser.parse_header(header)
 
-        next unless session = ext.create_server_session(offer)
+        @in_order.each do |ext|
+          offer = offers.by_name(ext.name)
+          next if offer.empty? or reserved?(ext)
 
-        reserve(ext)
-        sessions.push([ext, session])
-        response.push(Parser.serialize_params(ext.name, session.generate_response))
+          next unless session = ext.create_server_session(offer)
+
+          reserve(ext)
+          sessions.push([ext, session])
+          response.push(Parser.serialize_params(ext.name, session.generate_response))
+        end
+      rescue
       end
 
       @sessions = sessions

spec/websocket/extensions_spec.rb

@@ -325,11 +325,14 @@ describe WebSocket::Extensions do
         expect(@extensions.generate_response("deflate, tar")).to eq "deflate; mode=compress"
       end
 
+      it "returns an empty response if the header is invalid" do
+        expect(@extensions.generate_response("x-webkit- -frame")).to be_nil
+      end
+
       it "returns a response for potentially conflicting extensions if their preceeding extensions don't build a session" do
         allow(@ext).to receive(:create_server_session).and_return(nil)
         expect(@extensions.generate_response("deflate, tar")).to eq "tar; gzip"
       end
-
     end
   end
 end